Cyber-attacks are becoming more and more widespread and dangerous by targeting people, companies, and Italian Government. The globalization and the more sophisticated techniques allow hackers to breach security. As shown by the increased number of cybercrimes and damage to IT systems Italy is one of the main targeted countries; specifically, the financial industry is the hardest-hit sectors, where the proliferation of the so-called “fintech” has facilitated the development of several “technology-oriented” actors who often lack the needed expertise against cyber-attacks. Additionally, Italy has registered a growing number of attacks against public administration (PA) and manufacturing sector companies, representing 40% of the total cyber-attacks recorded in the first half of last year.
Cybercrime in 2023: Italy in hacker’s sights
According to a report published by Clusit, Italian association for cybersecurity, in 2023 cyber-crimes significantly increased not only in Italy but all over the world. Over the last 5 years, the scenario has significantly worsened: comparing the number of detected attacks in the first half of 2018 with those in 2023, there has been 86% increase (from 745 to 1,382). In the same period, the monthly average of severe attacks has risen from 124 to 230 (almost 8 per day).
Cybercrime at the global level
Between January 2018 and June 2023, 11,015 cyber-attacks were registered globally, with 1,382 cyber-attacks recorded in the first half of the year, marking the highest number, while April saw the peak with 262 attacks. Upon analyzing the data, it becomes evident how this trend is experiencing a slight decline compared to 2021 (82% versus 86%), allowing Information warfare to reach a value of 4%, following a minor decrease in 2019 and 2021. Additionally, espionage/sabotage decreased by one percentage point compared to 2021, having peaked 14% in 2020. In the first half of 2023, cybercrime constituted 84% of the attacks, with other categories such as espionage and information warfare declining, except for hacktivism actions, which rose from 3 to 8%.
The hardest hit industries
According to data from the first half of the year, cyber-attacks have mainly targeted the following industries: Multiple Targets (20%), Healthcare (14.5%), Law Enforcement, Italian government/Army (11.7%), ICT (11.4%), Finance/ Insurance (10.5%) and Education (7.1.%). These fields represent more than 75% of worldwide recorded cyber-crimes in the first half of the year. Comparing data with those from 2022 it becomes clear that the scenario is slightly changing as shown by cyber-attacks to Multiple Targets (less than 2% compared to 2021): a sign that, even if attacks aiming to simultaneously hit the largest number of victims are always convenient, the emerging trend is that hackers are becoming more sophisticated. The News/Multimedia industry, currently experiencing reduced impact (3% of total incidents in the first half of 2023, down by 2%), had previously been targeted due to numerous propaganda and misinformation campaigns related to the Russia/Ukraine conflict. Conversely, attacks on the healthcare, financial, and education industries are increasing (+2%), highlighting how strategic they are for hackers.
Geography of cyber crimes
The ongoing digitalization process is reshaping the geographic spread of cyber-attacks, posing a present threat to which no one is immune. However, for certain continents, such as Oceania and Africa, there is a lack of specific information regarding cybercrimes, thus resulting in an incomplete representation of the real situation.
The Americas as a whole return to 2021 values after decreasing by 7 percentage points in 2022. Attacks against people in multiple locations keep significantly decreasing (-5%): a further indication shows that in 2023 hackers resorted to more targeted violations. If in most non-EU countries values are still unchanged, there is a slightly decrease in EU member states which still represent a fifth of global crimes. Data from 2023 show a significant number of cyber victims in the Americas (46.5% in 2022) compared to European (22%) and Asian (8%) ones. Almost a quarter of these attacks occurred in different countries (21.7%) other than Oceania (1.3.%) and Africa (0.4%).
The most widespread cyber crime techniques
In 2023, the most prevalent cyber-attack method was Malware, accounting for 35.7% of total cyber activities, despite experiencing a slight decline of 1.3%. Unknown techniques ranked second at 21%, showing a decrease of 3 percentage points compared to 2022, overtaking the Vulnerability category, which increased by 4.8%, and Phishing/Social Engineering, which decreased by 3.4%. Multiple Techniques represented 8% of total crimes, marking a decrease of 1.4%.
DoS attacks, though relatively few compared to the overall figures, are on the rise by 3.8%, concurrent with the increase observed in Hacktivism and Information Warfare. Identity Theft/Account Hacking remains unchanged with a marginal increase of 0.3%. Analyzing data from the first six months of 2023 we can see how cyber-attacks doubled: for instance, although Malware has decreased by 8 percentage points compared to 2019, their frequency remains considerably high (34%). The same consideration applies to all categories resorting to sophisticated techniques.
Cyber attacks are getting more dangerous
The mail goal of analyzing these attacks is to assess their impact on technological devices as well as their economic and legal ramifications. Over the past three years, there has been a notable increase of severe cyber-attacks, resulting in considerable damage to victims in terms of financial losses, data breaches, and damage to computing systems. Even in the first half of last year, attacks with severe or very severe impacts represented the vast majority (78.5% in the first half of 2023 compared to 80% in 2022). Attacks with moderate impacts are one-fifth only, while those with low impacts nearly disappeared. Analyzing the impacts also allows experts to understand what kind of hackers are behind them. Cybercrime, which is usually predominant compared to other attacks, registered higher impacts in 2023 compared to the previous years.
One of the most interesting aspects concern espionage attacks or cyber warfare, which have greater impacts on victims, and are significantly increasing. Furthermore, data show that not everyone is targeted in the same and with the same techniques: Italian Government and Army, for instance, are the hardest hit fields compared to others (a trend already present in 2022). Impacts on the Healthcare field are also increasing, remaining a main target for both economic and societal security impacts. Following closely there are ICT, Financial/Insurance, Education, Professional/Scientific/Technical, News/Multimedia, and Wholesale/Retail fields. Impacts on the manufacturing field are decreasing; despite being particularly targeted in recent years, it registers less severity attacks compared to 2022.
Cybercrime in Italy
According to the most recent Clusit report, cybercrime saw a significant rise in Italy in 2023, mirroring the trends observed in 2022. Between 2018 and the first six months of 2017, 505 cyber-attacks were identified across 132 Italian industries (26%). The monthly average, which had shown a notable figure in previous years, increased from 15.7 attacks in 2022 to 22 in the first half of 2023. This growth rate is one of the main reasons for concern in our country: throughout 2022, 188 attacks were detected, already setting a negative record for Italy, marking 169% increase, while globally there was already a (severe) rise of 21%. In the first half of 2023 the number of global attacks significantly decreased, returning to 11%, just above the yearly trend registered between 2019 and 2021. Quite the opposite in Italy, where in the first half of 2023 there was a growth of 40%, almost four times higher than the global figure, similarly to what happened in 2021.
If on the one hand, we could argue that we are experiencing an improvement compared to 2022, however, as of 2019, the year-on-year percentage growth in Italy has consistently been higher compared to the rest of the world: it went from being 3.2 times the global growth in 2019 than in 2018, to 5 times in 2021, 8 times the globally growth rate in 2022, before returning to 3.7 times in the first half of 2023. This improvement negatively impacts Italian data: in 2022, 7.6% of the total attacks were registered in Italy, while in the first 6 months of 2023, attacks were only 9.6%.
While globally, from 2019 to the first half of 2023, cyber-attacks increased by 61.5%, in Italy the overall growth reached 300%. These alarming figures are also confirmed by national and international reports. According to the 2022 report from the Cybersecurity and Data Protection Observatory of the Politecnico di Milano, 67% of big companies have experienced an increase in attacks compared to the previous year, with 14% of companies reporting concrete and serious losses.
Different types of attacks in Italy: two out of three are linked to the cybercrime
As it happens on the global level, the most part of cyber-attacks in Italy are referred to as cybercrime (69%), showing a significant decrease compared to last year. Despite the decline in cybercrime activities (which represented 93.1% of total attacks in 2022), it is crucial to note that these attacks continue to exhibit a steady and consistent increase, with 91 incidents reported in Italy in the first 6 months of 2023. On the other hand, attacks classified as “Hacktivism” are significantly growing, reaching 30% in this semester (in 2022 they constituted 6.9% of attacks).
In Italy, this kind of incidents constitute a much higher share compared to the global average (equal to 7.7%): over 37% of the total “Hacktivism”-related attacks have targeted Italian organizations. Demonstrative attacks, often linked to political purposes, against entities or companies in our country, are multiplying. Analyzing the recorded events, it is clear how the above-mentioned demonstrations are related to current geopolitical situation, specifically the Ukrainian conflict: this results in activist groups awareness campaigns involving both our country and other nations part of the pro-Ukraine bloc. Even if there could be a potential thread with Russian government (or generally speaking with countries which still have a neutral and unclear position about the ongoing conflict), there is no evidence which lead us to categorize these attacks as state-sponsored attacks, thus Information Warfare. The remaining 1% of attacks fall into the category of “Espionage/Sabotage”: in terms of both quantity and entity, since 2020 it is the first time that these incidents have been detected in Italy.
Cyber-attacks based on categories: financial industry is the most targeted one
Once again, Government (23%) and Manufacturing (17%) fields face the most severe impact from hackers while, globally, they represent 12% and 5% of attacks raking third and seventh respectively.
Attacks targeting Italian “Manufacturing” field represent 34% of the total attacks globally recorded. The field experiencing the greatest increase in severe attacks is “Financial/Insurance,” which jumps to fourth place, with 9% of attacks (compared to 3.7% in 2022). The number of attacks targeting victims in this area in the first 6 months of the year exceeds the total number of attacks that occurred throughout 2022.
Analyzing the attacks, one of the factors impacting significantly this negative trend is the increasing number of actors (so-called fintech) and the growing outsourcing of banking and insurance services. This results in a more fragmented and vulnerable market to cyber-attacks which have stopped targeting the most renowned organizations, which would likely be less vulnerable.
If this trend was confirmed for the second semester of 2023 (we do not yet have data), the annual growth rate would be 243%. Significant is also the increase observed in the “Multiple Targets” category, which rises from 10.6% in 2022 to 16.7% in the first semester of 2023; this increase goes against the trend in the rest of the world, which sees a reduction from 22% in 2022 to 20% in the first semester of 2023. These are non-targeted attacks that in Italy still cause incidents, although their incidence in our country is less significant than in the rest of the world (20% of victims). Again, if the trend was confirmed for the second semester of 2023, the growth would be 120%. The shares of the “Transportation/Storage” and “Gov/Mil/Le” sectors are also increasing, albeit to a lesser extent, while the percentage of “Manufacturing” and “ICT” industries is slightly decreasing (nonetheless, attacks’ value is increasing).
Malware is most used technique in Italy
Compared to 2022, malware (including ransomware) now constitutes the primary cyber technique used by hackers, accounting for 31% of attacks, albeit with a lesser impact compared to 2022 (53%) and 4 percentage points lower than the global average. DDoS attacks have also seen a notable increase, rising from 4% in 2022 to 30% in the first half of 2023, marking a rate five times higher. Additionally, phishing and social engineering cyber-attacks are on the rise, with Italian systems apparently more affected than those in other countries (14% compared to 8.6% in 2022), thus emphasizing the importance of enhancing users’ awareness of cyber threats. Meanwhile, web-based attacks have experienced a slight increase (1.5%) , while there has been a decrease in the percentage of vulnerable attacks (4% compared to 6% in 2022).
Cyber attacks in Italy are decreasing if compared to those all over the world
In the first half of 2023, the severity of these attacks significantly decreased in Italy than in the rest of the world. “Critical” incidents accounted for 20% only (compared to 40%), while the most part of attacks were classified as “High” severity (48% in Italy compared to 38% in the rest of the world) and “Medium” severity (30% in Italy compared to 21% in the rest of the world). Moreover, there were 2% of incidents with low severity. In terms of severity, the Italian situation in the first 6 months of 2023 is better if compared to global data, registering a lower number of attacks classified as maximum severity.
Final thoughts
The latest and most up-to-date data show a growing prevalence of cybersecurity threats, impacting public administration. The increasing employment of highly dangerous and sophisticated techniques, alongside their impact on everyday life, underscores the importance of implementing preventive measures to safeguard computer systems, both in the private and public sectors. At the same time, efforts in education and recruitment should focus on training a pool of skilled and experienced professionals capable of preventing these attacks, thereby helping companies, administrations, and people.
